Community discussions

Search found 87 matches

by rpress
Mon Jul 29, 2019 2:49 pm
Forum: General
Topic: 802.11ac Wave2 Support?
Replies: 32
Views: 6692

Re: 802.11ac Wave2 Support?

160MHz does not work in the US, presumably because Mikrotik did not complete the necessary testing required.

https://apps.fcc.gov/oetcf/kdb/forms/FT ... P&id=27155
by rpress
Sat Jul 13, 2019 6:12 pm
Forum: Wireless Networking
Topic: "united states3" bands
Replies: 2
Views: 686

Re: "united states3" bands

I was looking at the RB4011, but based on the lack of responses I didn't see much hope in sticking with Mikrotik for my wireless. I guess the US is not an important market for them. I just finished setting up my Ruckus R720. Previously I was seeing about 220 Mbps with my hAP ac at 80 MHz. With the n...
by rpress
Sat Jun 29, 2019 10:54 pm
Forum: Wireless Networking
Topic: "united states3" bands
Replies: 2
Views: 686

Re: "united states3" bands

Is it a violation of FCC to use an international model Mikrotik device, set to "united states2", and used in the United States?
by rpress
Fri Jun 28, 2019 5:45 pm
Forum: Wireless Networking
Topic: "united states3" bands
Replies: 2
Views: 686

"united states3" bands

Is there a reason "united states3" country setting does not support U-NII-2A and U-NII-2C bands? These bands are disabled in all US sold devices. These frequencies are legal for use, see the linked document. https://transition.fcc.gov/oet/ea/presentations/files/may17/31-Part-15-Panel-UNII-UpdatesDT....
by rpress
Wed Oct 27, 2010 8:15 pm
Forum: General
Topic: RouterOS v5 RC2
Replies: 91
Views: 14769

Re: RouterOS v5 RC2

Wow, support for ipsec NAT-T!

Still crashes WinBox when opening up an IPv6 route on my RB750. It has done this ever since the new WinBox GUI look. It did this even with a clean install.
by rpress
Mon Jul 26, 2010 5:14 am
Forum: General
Topic: RouterOS 5 beta 5
Replies: 22
Views: 6331

Re: RouterOS 5 beta 5

I still have the problem (since beta 4) that opening up an IPv6 route closes WinBox. It happens on my RB750 but not on the RB433, both with a clean config.
by rpress
Sat Jul 10, 2010 12:37 am
Forum: General
Topic: RouterOS v5 beta4 released
Replies: 48
Views: 11102

Re: RouterOS v5 beta4 released

About every two days my SIP VoIP cannot register with the server. It's probably related to the possible change in the connection tracking as it's been working fine before. Asterisk shows the registration request has been sent but it never completes. A reboot of the router solves the problem instantl...
by rpress
Thu Jul 08, 2010 5:03 am
Forum: General
Topic: RouterOS v5 beta4 released
Replies: 48
Views: 11102

Re: RouterOS v5 beta4 released

The SSTP server binds itself to every IP on the router on this port so there is no way to use port 443 for anything else. You can just block the port in the firewall 'input' chain, or really just allow 443 to only the desired IP and then block everything else. I tested this and it does work, I was ...
by rpress
Wed Jun 30, 2010 7:14 pm
Forum: General
Topic: RouterOS v5 beta4 released
Replies: 48
Views: 11102

Re: RouterOS v5 beta4 released

Opening up an IPv6 route closes my WinBox. This was on a clean install, rb750. I can add/edit routes using terminal just fine. Memory leak looks fixed so far. I noticed weirdness where an aborted PPTP client session would not delete the IP address and then it couldn't reconnect because the old addre...
by rpress
Tue Jun 29, 2010 11:54 pm
Forum: General
Topic: MikroTik RouterOS version 5.0beta3 released!
Replies: 91
Views: 30532

Re: MikroTik RouterOS version 5.0beta3 released!

any news about SSTP? everything working correctly so far? how about Windows 7 clients to your SSTP server? Also work fine? Cant say for sure yet. Have about 20 SSTP connections, but all OVPN/SSTP bombs randomly which you said is because of OVPN.. But im not upgrading any more because of the memory ...
by rpress
Mon Jun 21, 2010 6:04 pm
Forum: General
Topic: SSTP on Vista or Win7 successful ????
Replies: 18
Views: 4142

Re: SSTP on Vista or Win7 successful ????

Thank you for the update which version you got it working on ?
5.0beta3
by rpress
Mon Jun 21, 2010 3:56 am
Forum: General
Topic: SSTP on Vista or Win7 successful ????
Replies: 18
Views: 4142

Re: SSTP on Vista or Win7 successful ????

Aha, got it working, had to reload the certificate. My certificate is from cacert.org. IPv6 works over SSTP too. There is still some problem with beta3 as my memory is being eaten up; I have emailed support.
by rpress
Sat Jun 19, 2010 8:31 am
Forum: General
Topic: SSTP on Vista or Win7 successful ????
Replies: 18
Views: 4142

Re: SSTP on Vista or Win7 successful ????

I had SSTP server working on beta1, but beta2 & beta3 give same root certificate error in Win7.
by rpress
Tue May 18, 2010 2:57 am
Forum: General
Topic: RouterOS on Watchguard xSeries h/w
Replies: 69
Views: 12342

Re: RouterOS on Watchguard xSeries h/w

We use a Watchguard x500 at the office here. I used Netinstall to put it on a larger CF and it works fine. I also made an adapter cable to get the LCD working; somewhere I have the drawing for that cable, it has a transistor & a couple resistors in it. Attached is the drawing for the LCD schematic.
by rpress
Tue Apr 06, 2010 7:29 pm
Forum: General
Topic: SSTP & IPv6
Replies: 18
Views: 4775

Re: SSTP & IPv6

Currently you can't connect to the router using IPv6 address. This feature will be added in future versions.
Thanks for the reply, I appreciate it.
by rpress
Fri Apr 02, 2010 6:59 pm
Forum: General
Topic: RB750 and Microsoft Hyper-V incompatible?
Replies: 8
Views: 1497

Re: RB750 and Microsoft Hyper-V incompatible?

I'm running trixbox (paravirtualized) on my XenServer at home, I have no problems with it. All the servers on the XenServer use DHCP from my RB750 and it is also working fine.
by rpress
Fri Apr 02, 2010 1:17 am
Forum: General
Topic: IPv6 RA not working when ports are slaved
Replies: 7
Views: 1246

Re: IPv6 RA not working when ports are slaved

This problem still exists in ROS v5.0beta1.
by rpress
Thu Apr 01, 2010 6:27 pm
Forum: General
Topic: SSTP & IPv6
Replies: 18
Views: 4775

Re: SSTP & IPv6

Ok, I have IPv6 working over SSTP. But what about the first part of my question, does SSTP listen on the IPv6 addresses? Can I connect to the SSTP server using IPv6?
by rpress
Wed Mar 31, 2010 10:03 pm
Forum: General
Topic: SSTP & IPv6
Replies: 18
Views: 4775

SSTP & IPv6

I just installed 5.0beta1 on my RB750.

Does SSTP listen on IPv6? It does not seem to. If not, is this planned for a future release? I was really hoping for this.

I assume IPv6 over the SSTP tunnel works because the changelog says IPv6 over PPP is supported. Yes?
by rpress
Tue Mar 30, 2010 12:49 am
Forum: General
Topic: Simple question about priority
Replies: 45
Views: 6463

Re: Simple question about priority

The point is that the queue will reside on the DSL modem and not on the MikroTik router... You need visibility as to the queued packets inside the modem. The MikroTik will not be the one dropping packets, it could probably figure it out with TCP but UDP will have no indicator. Even if you have all t...
by rpress
Fri Mar 19, 2010 8:12 pm
Forum: General
Topic: Simple question about priority
Replies: 45
Views: 6463

Re: Simple question about priority

This slightly contradicts what was said above. Apears that "limit-at" has nothing to do with priority. I still want to ask, in this case, priority will work or not: Yes it will work with only max-limit on the parent queue, and just priority for the child queue. Priority does work with no max-limit ...
by rpress
Fri Mar 19, 2010 1:37 am
Forum: General
Topic: Intel Atom board D945GCLF fot MT
Replies: 27
Views: 5514

Re: Intel Atom board D945GCLF fot MT

look at the picture - no fans =)

maybe it's from RB1000 description?.. it has two fans...
Dual fan with failover support mounted at case back
Did you find a picture of the rear of the unit?
by rpress
Thu Mar 18, 2010 9:43 pm
Forum: General
Topic: Intel Atom board D945GCLF fot MT
Replies: 27
Views: 5514

Re: Intel Atom board D945GCLF fot MT

RB1100 pricing and capabilities are quite good and bypass feature is a nice bonus. One thing amiss is lack of USB port(s) on RB1100.

Anybody knows how many fans are on RB1100 and how noisy it is?
http://www.roc-noc.com/pdf/RB1100/rb1100.pdf

Says dual fan with failover.
by rpress
Thu Mar 18, 2010 8:10 pm
Forum: General
Topic: Intel Atom board D945GCLF fot MT
Replies: 27
Views: 5514

Re: Intel Atom board D945GCLF fot MT

RB1100 is low cost rackmount router. Do you like it? Yes, it is pretty good! Pretty much the same cost as our router. It has more ports and better VPN performance, ours has USB ports and ability for internal wireless card. Is the microSD card externally accessible? Is it used for firmware/config? W...
by rpress
Wed Mar 17, 2010 8:14 pm
Forum: General
Topic: Problems with DNS in Version 4.x
Replies: 47
Views: 7390

Re: Problems with DNS in Version 4.x

I too had problems with the MikroTik DNS server. I was just using it to cache records, as a resolving DNS server. After a couple days it would stop responding, so I stopped using it.
by rpress
Mon Mar 15, 2010 9:52 pm
Forum: General
Topic: dns problem for incomming vpn users
Replies: 27
Views: 22257

Re: dns problem for incomming vpn users

Yep, I noticed the lack of DNS suffix for VPNs as well. Eventually I resorted to using a WINS server.
by rpress
Wed Mar 03, 2010 6:32 pm
Forum: General
Topic: IPv6 RA not working when ports are slaved
Replies: 7
Views: 1246

Re: IPv6 RA not working when ports are slaved

I have this exact problem as well. When switch ports are slaved on my RB750, RADVD tries to advertise on them. In the logs the error is: "radvd debug sendmsg failed on private (fe80:20c:42ff:fe55:b518): Invalid argument" When I disable the slave ports RADVD works correctly, but only after a router r...
by rpress
Fri Feb 26, 2010 6:45 pm
Forum: General
Topic: QoS with dynamic bandwitdh
Replies: 5
Views: 905

Re: QoS with dynamic bandwitdh

It is a very difficult problem. If your upstream device understands DSCP then you can tag outgoing traffic with a mangle rule. This will not control inbound traffic, however. If it is a wireless link you can enable WMM on both sides and then set the RouterOS priority with a mangle rule. Otherwise yo...
by rpress
Fri Feb 26, 2010 6:33 pm
Forum: General
Topic: RouterOS v4.6 released
Replies: 80
Views: 12341

Re: RouterOS v4.6 released

I was hoping the OpenVPN bug would be fixed as well... I guess I'll wait for the next version.
by rpress
Wed Feb 17, 2010 6:06 am
Forum: General
Topic: Response from support
Replies: 30
Views: 6754

Re: Response from support

Well, I stopped using OpenVPN for now, just using L2TP. This didn't fix the router not responding though. I had one WAN connection that was particularly flaky and the OSPF would go up and down often. I disabled OSPF for this interface and just did static routes. Uptime so far is 4 days - knock on wo...
by rpress
Fri Feb 12, 2010 6:49 pm
Forum: General
Topic: Response from support
Replies: 30
Views: 6754

Re: Response from support

Thanks for your response, I also just received a response to my ticket. Sorry I had to mention it in the forum but I did try to send a few emails to support, first.
by rpress
Thu Feb 11, 2010 9:06 pm
Forum: General
Topic: Response from support
Replies: 30
Views: 6754

Response from support

Anyone else have no response from support@mikrotik.com? Maybe they are on holiday? My first email was on the February 2nd, now it's the 11th. I sent supout.rif. Ticket # 2010020266000501. My problem is with OpenVPN, RouterOS 4.5, x86. After a few days all VPNs fail to connect with "could not negotia...
by rpress
Wed Feb 03, 2010 8:41 pm
Forum: Wireless Networking
Topic: crappy ping result lol
Replies: 3
Views: 805

Re: crappy ping result lol

What is your DD-WRT wireless chipset? Broadcom maybe?

I've noticed very erratic ping times with Gemtek chipsets on client machines.
by rpress
Tue Feb 02, 2010 11:10 pm
Forum: General
Topic: RouterOS on Watchguard xSeries h/w
Replies: 69
Views: 12342

Re: RouterOS on Watchguard xSeries h/w

You did a Netinstall on the CF and then stuck it into the Watchguard? You should just skip trying it on your netbook.
by rpress
Tue Feb 02, 2010 10:42 pm
Forum: General
Topic: RouterOS on Watchguard xSeries h/w
Replies: 69
Views: 12342

Re: RouterOS on Watchguard xSeries h/w

We use a Watchguard x500 at the office here. I used Netinstall to put it on a larger CF and it works fine. I also made an adapter cable to get the LCD working; somewhere I have the drawing for that cable, it has a transistor & a couple resistors in it.
by rpress
Thu Jan 21, 2010 8:02 pm
Forum: General
Topic: Popularity of RouterOS on X86
Replies: 1
Views: 475

Re: Popularity of RouterOS on X86

With the RTL8169 I have seen pretty bad performance with RouterOS, at least a couple months ago. Might want to do some tests - if I recall it had problems with TCP but not really UDP. I believe it is a Linux driver issue.

I think MikroTik is pretty happy with the performance of the RB1000.
by rpress
Wed Jan 20, 2010 9:02 pm
Forum: General
Topic: RouterOS logo
Replies: 5
Views: 932

Re: RouterOS logo

I downloaded WinBox again but mine is still blocky.
Untitled.png
by rpress
Tue Jan 19, 2010 7:42 pm
Forum: General
Topic: RouterOS logo
Replies: 5
Views: 932

Re: RouterOS logo

Doesn't it look like the 'i' in MikroTik? I don't see any reason for concern. WinBox has had that logo for a couple RouterOS revisions now, although the WinBox version number stayed the same. :) My one complaint is that in Windows 7 the icon is large in the task bar, but the icon does not have a hig...
by rpress
Fri Jan 15, 2010 8:12 pm
Forum: General
Topic: Prioritize SIP Packets with PCQ enabled
Replies: 5
Views: 1271

Re: Prioritize SIP Packets with PCQ enabled

You mean packet mark for PCC (Per Connection Classifier) load balance, and not PCQ (Per Connection Queue) for bandwidth sharing, right? For PCC you only need mark-connection and mark-routing, so this leaves mark-packet for HTB queue. For HTB queue using mark-connection and mark-packet is better, use...
by rpress
Thu Dec 31, 2009 12:23 am
Forum: Beginner Basics
Topic: Windows Vista cannot obtain IP from DHCP on RB493
Replies: 8
Views: 3005

Re: Windows Vista cannot obtain IP from DHCP on RB493

DHCP is working here with Vista and Win7 clients, the computer I am typing on is Win7 using MikroTik DHCP. Maybe you have another DHCP server on the network? Here is my config, maybe it helps you. /ip dhcp-server add address-pool=private authoritative=after-2sec-delay bootp-support=static \ disabled...
by rpress
Wed Dec 30, 2009 10:57 pm
Forum: General
Topic: Deleted Static Routes Reappearing ROS 4.4 (x86)
Replies: 10
Views: 1764

Re: Deleted Static Routes Reappearing ROS 4.4 (x86)

You can change the name of the certificate after import.

/certificate set 0 name="vpn_1"
by rpress
Sun Dec 27, 2009 12:34 am
Forum: General
Topic: IPv6 firewall rule examples
Replies: 3
Views: 16009

IPv6 firewall rule examples

Would anyone like to share their IPv6 firewall rules or comment on mine? Here is mine: /ipv6 firewall filter add action=accept chain=input comment="Allow established connections" connection-state=established disabled=no add action=accept chain=input comment="Allow related connections" connection-sta...
by rpress
Thu Dec 24, 2009 11:33 pm
Forum: General
Topic: Poor ML/PPP Upstream Performance
Replies: 7
Views: 1316

Re: Poor ML/PPP Upstream Performance

It's too bad that the performance is degraded when one link goes down... But how often will this be the case? In normal operation won't all links be up? I'm guessing it does a sort of round-robin transmit and when one link fails it tries to use that interface anyway and has to resend on the other li...
by rpress
Thu Dec 24, 2009 11:29 pm
Forum: General
Topic: IPSEC and NAT-T problem
Replies: 60
Views: 49301

Re: IPSEC and NAT-T problem

I just tested the IPSEC NAT-T and it is indeed working in v4.4.
by rpress
Thu Dec 24, 2009 11:28 pm
Forum: General
Topic: Really frustrated
Replies: 7
Views: 1010

Re: Really frustrated

Well, I use the same certificate and it works for me, I can see for multiple clients that you would want separate certs. I just read the documentation and it seems to suggest that multiple certs will work as long as you import the CA as well. The documentation also says "server mode (multi client to...
by rpress
Thu Dec 24, 2009 6:52 pm
Forum: General
Topic: Really frustrated
Replies: 7
Views: 1010

Re: Really frustrated

Pretty sure you gotta have the certs on both sides be exactly the same. That's what I do. I don't think the CN matters.
by rpress
Thu Dec 24, 2009 12:20 am
Forum: General
Topic: Really frustrated
Replies: 7
Views: 1010

Re: Really frustrated

Maybe try 0.0.0.0/0 instead of 0.0.0.0. I have OpenVPN working MT-MT with dynamic IP and certificates. You mean you are not using user/pass in secrets as well?
by rpress
Wed Dec 23, 2009 10:56 pm
Forum: General
Topic: MikroTik as OpenVPN client
Replies: 17
Views: 6257

Re: MikroTik as OpenVPN client

Are you logging ovpn at debug level like so: /system logging add action=memory disabled=no prefix="" topics=ovpn,debug Unfortunately I have noticed that the OVPN in MikroTik does not have very good debug output. It looks to me like the DD-WRT is proposing cypher and auth and MikroTik rejects it and ...
by rpress
Wed Dec 23, 2009 10:14 pm
Forum: General
Topic: MikroTik as OpenVPN client
Replies: 17
Views: 6257

Re: MikroTik as OpenVPN client

Did you try smaller than a 7 character password? A known issue, greater than 7 characters does not work, at least with MT-MT OVPN.

Make sure you open TCP 1194 in the firewall. Try to reboot the MikroTik.
by rpress
Wed Dec 23, 2009 7:55 pm
Forum: General
Topic: Port forward multiple IP's on same interface
Replies: 10
Views: 2847

Re: Port forward multiple IP's on same interface

Doh! I found the problem. I should have used dst-address instead of src-address Change add action=dst-nat chain=dstnat comment="" disabled=no dst-port=80 protocol=\ tcp src-address=10.10.10.104 to-addresses=192.168.30.104 to-ports=80 to add action=dst-nat chain=dstnat comment="" disabled=no dst-por...
by rpress
Wed Dec 16, 2009 6:10 am
Forum: Forwarding Protocols
Topic: PCQ over variable capacity MPLS link
Replies: 0
Views: 590

PCQ over variable capacity MPLS link

Soon we're going to switch to a new network provider that uses MPLS. They are going to use a Cisco IAD to provide a PRI to the phone system and ethernet for our internet & private network. The connections will be 3Mbit at some sites and 1.5Mbit at others. I'd like to be able to implement an upload P...
by rpress
Wed Dec 16, 2009 1:19 am
Forum: General
Topic: Advice for VPN for Mikrotik, IPv4 and IPv6
Replies: 12
Views: 2620

Re: Advice for VPN for Mikrotik, IPv4 and IPv6

I have three MikroTik OVPN clients connecting to one server, and it works fine. The documentation does seem to suggest otherwise. I am using RouterOS 4.3.
by rpress
Wed Dec 09, 2009 2:25 am
Forum: Wireless Networking
Topic: Wifi and 3G interference
Replies: 5
Views: 1114

Re: Wifi and 3G interference

This is goung to sound stupid.... but... Move the laptop away from the router a bit... I have seen that woth 802.11N that bing too close can shut communication completely off !! I have a Toshiba laptop that I have to keep about 5 to10 feet away, then it works GREAT... Ok, I tried that... Still drop...
by rpress
Tue Dec 08, 2009 6:11 pm
Forum: Wireless Networking
Topic: Wifi and 3G interference
Replies: 5
Views: 1114

Re: Wifi and 3G interference

How do you know the sprint card has anything to do with your problem? Yeah, I should have mentioned this. With the Sprint card completely removed I did not see any dropped packets. I have upped the hw-retries to 15 and this has helped somewhat. I have tried an R52n card, and a 802.11G Atheros card....
by rpress
Tue Dec 08, 2009 12:20 am
Forum: Wireless Networking
Topic: Wifi and 3G interference
Replies: 5
Views: 1114

Wifi and 3G interference

I'm putting together a RB411U with a Sprint U720 minipci-e modem and a R2n wifi card. The client adapter is 802.11G, about 4 feet away. With the Sprint modem operating I am seeing packet loss on the wifi. About 2% loss even with no traffic. Ping times are mostly 1-5ms with the occasional 100+ms. I'v...
by rpress
Sat Dec 05, 2009 12:57 am
Forum: General
Topic: Traffic not always routing through x86 machine
Replies: 3
Views: 522

Re: Traffic not always routing through x86 machine

You mean http://forum.landrovernet.com, right? Can you ping the sites that don't work? I have seen where the MSS is too large will cause some sites to not work. This is due to some MTU along the way being too small. If ICMP is blocked on their side then the web site will not be able to send the ICMP...
by rpress
Fri Dec 04, 2009 5:28 pm
Forum: General
Topic: IPSEC and NAT-T problem
Replies: 60
Views: 49301

Re: IPSEC and NAT-T problem

Fix for the problem will be included in version 4.4. Thank you very much for your reports. If anyone will have the problem with ISAKMP header, please let us know. Woohoo! Thank you! Now for L2TP/IPSEC the L2TP is still somewhat broken, it responds on the wrong IP... http://forum.mikrotik.com/viewto...
by rpress
Thu Dec 03, 2009 8:10 pm
Forum: General
Topic: Support Atom
Replies: 7
Views: 1220

Re: Support Atom

Just recently we've been building our own 1U Atom 330 units. We have about seven in the field and they are working great. They have a RB44GV in each, running off CompactFlash. Can you tell the model of the motherboard you are using? I had large number of the first intel Atom boards go bad due to co...
by rpress
Thu Dec 03, 2009 7:28 pm
Forum: General
Topic: Support Atom
Replies: 7
Views: 1220

Re: Support Atom

Just recently we've been building our own 1U Atom 330 units. We have about seven in the field and they are working great. They have a RB44GV in each, running off CompactFlash.
by rpress
Sat Oct 31, 2009 12:19 am
Forum: General
Topic: easy wifi question - no dhcp through Wifi
Replies: 1
Views: 467

Re: easy wifi question - no dhcp through Wifi

You need something like this, assuming lan is ether1. Then setup just one DHCP server on bridge1 for both LAN and WLAN. /interface bridge add admin-mac=00:00:00:00:00:00 ageing-time=5m arp=enabled auto-mac=yes \ comment="" disabled=no forward-delay=15s l2mtu=2290 max-message-age=20s \ mtu=1500 name=...
by rpress
Thu Oct 22, 2009 7:26 pm
Forum: General
Topic: IPSEC and NAT-T problem
Replies: 60
Views: 49301

Re: IPSEC and NAT-T problem

No connection to this "feature"? The default behavior of IPsec NAT traversal (NAT-T) is changed in Windows XP Service Pack 2 http://support.microsoft.com/kb/885407/en-us How to configure an L2TP/IPsec server behind a NAT-T device in Windows Vista and in Windows Server 2008 http://support.microsoft....
by rpress
Thu Oct 15, 2009 7:49 pm
Forum: General
Topic: RouterOS v4 released
Replies: 38
Views: 3449

Re: RouterOS v4 released

I was excited to see the temperature monitoring, and it does work correctly in the terminal.

However I can't bring up the numbers in SNMP, they just show as zero. Is there another OID to use? I want to add a notification with The Dude for an overtemperature alarm.
by rpress
Thu Oct 15, 2009 7:42 pm
Forum: General
Topic: Intel Atom board D945GCLF fot MT
Replies: 27
Views: 5514

Re: Intel Atom board D945GCLF fot MT

I just build 7 routers with the Intel D945GCLF2, 4 port PCI RB44GV NIC, and a small 1U case. We have installed a couple so far and they are working great! Using RouterOS v3.30 and v4, no reboot problems. Too bad MikroTik doesn't see a market for a lower cost rackmount router; when I brought it up at...
by rpress
Thu Oct 15, 2009 7:33 pm
Forum: General
Topic: Problems with VPN
Replies: 9
Views: 4345

Re: Problems with VPN

I just sent an email to support so we'll see what they think.
by rpress
Thu Oct 15, 2009 6:25 pm
Forum: General
Topic: dual wan / single lan / port forwarding / policy routing
Replies: 4
Views: 3681

Re: dual wan / single lan / port forwarding / policy routing

Yes it is a tricky thing to have dstnat services on two gateways... Setup your routing table like so: /ip route add check-gateway=ping comment="Internet - Primary" disabled=no distance=1 \ dst-address=0.0.0.0/0 gateway=xxx.xxx.240.193 scope=30 target-scope=10 add comment="Internet - Failover" disabl...
by rpress
Thu Oct 08, 2009 11:20 pm
Forum: General
Topic: NAT Problem! Local hosts can't access through NATed address.
Replies: 3
Views: 1842

Re: NAT Problem! Local hosts can't access through NATed address.

I think I know what you are trying to do... You have a dstnat on the router for a web server, and you are trying to get to it from machines that use the same router as their gateway? I'm guessing you have a default srcnat masquerade rule like: /ip firewall nat add action=masquerade chain=srcnat disa...
by rpress
Fri Oct 02, 2009 7:25 pm
Forum: General
Topic: IPSEC and NAT-T problem
Replies: 60
Views: 49301

Re: IPSEC and NAT-T problem

That's fantastic you are looking into the issue. I don't know how to fix the problem but I will see if I can come up with anything.
by rpress
Fri Oct 02, 2009 1:41 am
Forum: General
Topic: DHCP woes
Replies: 8
Views: 1113

Re: DHCP woes

Yes DD-WRT relays the DHCP for some weird reason. I've had this same issue, and adding that relay to the same pool solves the problem.
by rpress
Thu Oct 01, 2009 8:47 pm
Forum: Virtualization
Topic: XEN on Dell Server
Replies: 2
Views: 1984

Re: XEN on Dell Server

Yes it's possible, I have RouterOS running under Xen. However you can only use emulated NICs so performance suffers and this configuration is unsupported by MikroTik; they say it will probably never be supported due to how they do their licensing.
by rpress
Mon Aug 24, 2009 8:41 pm
Forum: General
Topic: WDS connected via cat5 - is this feasible?
Replies: 31
Views: 4386

Re: WDS connected via cat5 - is this feasible?

What you want is simple roaming, I don't think you need WDS. Just set each AP to the same SSID, WPA key, and in your case, channel, and you should be fine.
by rpress
Mon Aug 17, 2009 8:28 pm
Forum: General
Topic: RouterOS L2TP server with Windows XP/Vista client behind NAT
Replies: 4
Views: 996

Re: RouterOS L2TP server with Windows XP/Vista client behind NAT

NAT-T is what you want. I tried in the past with 3.25 but I couldn't get mine working though, it looks like there is some problem with the kernel routing packets incorrectly once NAT-T is enabled. I posted about that problem a while ago in another thread. Let us know if you manage to get it working.
by rpress
Fri Aug 07, 2009 11:41 pm
Forum: General
Topic: HOWTO: Windows File & Print Sharing over PPTP VPN
Replies: 16
Views: 24336

Re: HOWTO: Windows File & Print Sharing over PPTP VPN

There is a MikroTik script somewhere that will take the hostname from the DHCP leases and then create a DNS entry, kind of a "poor man's" DNS registration.
by rpress
Mon Jul 27, 2009 10:26 pm
Forum: General
Topic: IPSEC and NAT-T problem
Replies: 60
Views: 49301

Re: IPSEC and NAT-T problem

Thanks Andrew. Unfortunately for me the client is a roadwarrior so there is no access to the client NAT.

I'm not sure if this is a kernel issue or a racoon issue but some other distros have this problem as well.
by rpress
Tue Jul 21, 2009 7:01 pm
Forum: General
Topic: IPSEC and NAT-T problem
Replies: 60
Views: 49301

Re: IPSEC and NAT-T problem

It seems the tunnel is established correctly, but the kernel is not capturing the tunneled packets and is instead letting them go through to racoon. They're not a valid isakmp packet so racoon says the length is wrong.
by rpress
Tue Jul 21, 2009 6:13 pm
Forum: General
Topic: IPSEC and NAT-T problem
Replies: 60
Views: 49301

IPSEC and NAT-T problem

I have a VPN from Windows 7 laptop to MikroTik using L2TP/IPSEC with NAT-T. It works without NAT-T but it has a strange error using NAT-T: 14:59:28 ipsec respond new phase 1 negotiation: 68.183.xxx.xxx[500]<=>67.169.xxx.xxx[500] 14:59:28 ipsec begin Identity Protection mode. 14:59:28 ipsec received ...
by rpress
Fri Jun 26, 2009 12:40 am
Forum: General
Topic: Intel Atom vs RB1000
Replies: 12
Views: 5737

Re: Intel Atom vs RB1000

We are testing with a dual core Atom 330. Hardware cost with 1U case is $410, measured power consumption 36W. Case is only 8" deep with PCI slot, compactflash, space for 2.5" HDD. www.idotpc.com case with MSI IM-945GC motherboard. Unfortunately there is a weird problem with the onboard NICs where UD...
by rpress
Thu Jun 25, 2009 10:08 pm
Forum: General
Topic: wireless-test sucks the life out of my Nokia N95...?
Replies: 1
Views: 585

Re: wireless-test sucks the life out of my Nokia N95...?

I was running 4.0beta3 with an 802.11g card and things were fine. Just recently I installed an ar5416 in 802.11n mode and now it sucks down my Nokia e71x phone battery.
by rpress
Fri Jun 19, 2009 6:13 am
Forum: General
Topic: problem with netinstall and cf kingston 2gb
Replies: 4
Views: 1110

Re: problem with netinstall and cf kingston 2gb

I also just tried Kingston 2GB compact flash card part number CF/2GBKR, and it also hangs after SYSLINUX. I used NetInstall and it formatted and installed just fine, but it does not boot; the HDD LED is solid and it hangs. I tried a couple other cards (256MB, 512MB) also with NetInstall and they boo...
by rpress
Fri Jun 12, 2009 8:26 pm
Forum: Wireless Networking
Topic: 802.11n
Replies: 939
Views: 285852

Re: 802.11n

Should 4.0beta3 work with AR5416 cards? I tried mine and it does not create an interface. It is shown in PCI resources:

name: AR5416 802.11a/b/g/n Wireless PCI Adapter (rev: 1)
vid: 0x168c
did: 0x168c
by rpress
Sat May 16, 2009 11:11 pm
Forum: General
Topic: VOIP and QOS
Replies: 7
Views: 3006

Re: VOIP and QOS

I use simple queues for VoIP and it works very well. This is for a 3 Mb/s line with 10.69.77.222 as the asterisk server. /queue type add kind=pcq name=pcq-upload pcq-classifier=src-address pcq-limit=50 \ pcq-rate=0 pcq-total-limit=2000 add kind=pcq name=pcq-download pcq-classifier=dst-address pcq-li...
by rpress
Fri May 15, 2009 5:58 pm
Forum: General
Topic: L2TP IPSEC from XP to RB1000 ping works but nothing else
Replies: 2
Views: 472

Re: L2TP IPSEC from XP to RB1000 ping works but nothing else

Could be a routing problem, NAT, or who knows. Why don't you post up the pertinent exports.

You can also use the packet sniffer under tools to see what traffic is going across the VPN.
by rpress
Fri May 15, 2009 5:35 pm
Forum: General
Topic: openvpn secret's password longer then 7 chars fails
Replies: 2
Views: 691

Re: openvpn secret's password longer then 7 chars fails

I have the same problem, the OpenVPN password only works if it is 7 characters or shorter. I can not imagine what would cause this problem but I want to chime in and say it is not only trx with the problem.
by rpress
Thu May 14, 2009 8:41 pm
Forum: General
Topic: Problems with VPN
Replies: 9
Views: 4345

Re: Problems with VPN

Well the L2TP problem still exists. I guess nobody else has this problem based on the lack of response. The L2TP server seems to respond on the "preferred source" address from the IP routing table even if the client connected to a different IP. This seems like a bug. I've mostly figured out the Open...
by rpress
Sun May 10, 2009 8:44 am
Forum: General
Topic: Problems with VPN
Replies: 9
Views: 4345

Re: Problems with VPN

bump
by rpress
Fri May 08, 2009 9:20 am
Forum: General
Topic: Problems with VPN
Replies: 9
Views: 4345

Re: Problems with VPN

So, is the L2TP problem a bug? Does anyone else have L2TP working with multiple IPs on the outgoing subnet?
by rpress
Thu May 07, 2009 5:40 pm
Forum: General
Topic: Problems with VPN
Replies: 9
Views: 4345

Re: Problems with VPN

Here is my L2TP config: [admin@client] /ip route> export /ip route add comment="" disabled=no distance=1 dst-address=0.0.0.0/0 gateway=\ xxx.xxx.43.32 scope=30 target-scope=10 add comment="" disabled=no distance=1 dst-address=192.168.0.0/16 gateway=\ 192.168.90.254 scope=30 target-scope=10 [admin@cl...
by rpress
Thu May 07, 2009 8:35 am
Forum: General
Topic: Problems with VPN
Replies: 9
Views: 4345

Problems with VPN

I am trying to get a MT-MT VPN working but I ran into some snags. 1) I first tried to set up a L2TP VPN. After configuring it all it still did not work so I used the packet sniffer. What I saw was that the client was sending connect data (normal) but the server would respond on another of the public...